Reply to post: Re: Who knew ?

Blocking ads? Smaller digital publishers are smacked the hardest


Re: Who knew ?

"The stupidity is domains with SCRIPTS", there FTFY

We spend time trying to educate users into not installing every little piece of software they encounter and then we turn around and tell these users it is ~perfectly safe~ to allow every website they visit run [obfuscated] third party code that in itself is an attack vector as well as malware conduit.

We finally started extricating Flash off of our systems. We consigned Silverlight to /dev/null. We don't have to keep Java [plugin] around. But yet we don't want to address the elephant in the room: JavaScript.

Many browsers only allow you to disable Javascript entirely, with per-domain exceptions which would be fine except whole classes of developers have decided that we should use (obfuscated) JavaScript to generate the page content so if you disable JS you get served an inappropriately blank page.

Besides being a real inconvenience, even whitelisting sites like these (or even the nicer ones just to get the menus to work) still allows the embedded scripts to call home to a third party domain, downloading code and injecting it into a dynamically added SCRIPT tag on the page.

Supposedly this is just the risk we take for browsing the modern web, but for me the risk of some piece of third party code leading to a malware infection is an unacceptable risk and I castigate the modern web developers that enable this bad behaviour.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020